METHOD AND APPARATUS IN A TELECOMMUNICATIONS SYSTEM

Technical field of the invention

The present invention relates generally to a method for use in communications systems, and more particularly, the invention relates to a method of access independent global roaming. The invention further relates to a system and apparatus for carrying out the method.

Background of the invention

A large number of fixed and mobile access standards are now available, such as Wideband-Code Division Multiple Access (W-CDMA), Universal Mobile Telephone System-Time Division Duplex (UMTS-TDD), CDMA 2000, Wireless-Local Area Network (W-LAN), EDGE etc., all of which belong to the 3rd generation wireless standards. Each type of access standard has its own particular network concept, where Mobile Internet Protocol (Mobile IP) and the General Packet Radio Service (GPRS) tunnelling protocol are the main two concepts. The invention, however, is not limited to the above mentioned concepts.

Using methods presently available, interoperability between different network concepts is not guaranteed. This is mainly due to three obstacles. First, there is a lack of common subscriber profiles, service standards and authentication mechanisms, preventing enforcement of policies relating, but not limited to, access and service authorization, and accounting and mobility in different networks. Second, there is a lack of a common Quality of Service (QoS) versus resource allocation paradigm in the access networks, due to a bottom-up instead of a top-down approach in designing the data link layers with respect to QoS requirements. Third, there is a lack of common higher layer standards in the terminals, preventing service transparency when user terminals, i.e. clients, roam between different networks that carry specific services.

Thus, there is a problem with interoperability between heterogeneous networks, mainly because of problems with authentication and service transparency in and between different networks. It is, of course, theoretically possible to harmonise disparate networks at all of the above levels and thus create interoperability. There is, however, a need for an organic way of integrating heterogeneous networks and thus providing access independent global roaming.

Summary of the invention

The present invention therefore provides a solution to the problems of integrating heterogeneous networks, providing for access independent global roaming and access to services via heterogeneous networks, without a need for harmonising disparate networks.

An object of the invention is to provide access independent global roaming in heterogeneous networks.

Another object of the invention is to provide policy enforcement and service transparency when terminals roam between different heterogeneous networks.

The invention achieves the above-mentioned objects in embodiments thereof by:

moving at least essential or all service related functions out of the network into the periphery, i.e. clients or user terminals and servers, by separating service and access functions,

conceiving the transport mechanism between clients or terminals and servers as a packet pipe, not necessarily adding extra value except transport and Quality of Service (QoS) classification thereof,

separating the charging of transport from the charging of services and introducing real-time payment of transport,

defining policies, basically a set of rights and obligations, in a policy definition point, e.g. operator servers, and enforcing policies in a policy enforcement point residing in the client, e.g. the user terminal, and

standardising and modularising a client or terminal architecture that supports the above entities.

More specifically, the policies defined in the policy definition point are enforced locally in the user terminal in a local policy enforcement point instead of, as usual, in the network. By policies in this context is meant, among others, a set of rights and obligations pertaining to authentication of users, authorization to access and services, as well as purchasing and brokering of transport resources and security. Accounting policies may govern the charging functions for access charging and service charging. By the separation of service and access functions, transport can be paid for separately, e.g. in real-time via a credit card, pre-paid card, cash card or the like, and services can be paid for as usual, e.g. as per invoice from a service provider.

The client or terminal thus acts more as a personal profile manager, enforcing policies, hence managing rights to services and access. Services and access are controlled in the terminal by the local policy enforcement point, and the terminal/profile manager is access independent, since access can be purchased in real-time. Thus, the subscriber can access any network at any time, provided the right modem or layer 1 and layer 2 access module is provided. Reference is made to the Open Systems Interconnect (OSI) model.

By adopting the proposed solution, as described in the embodiments of the invention, global roaming is possible between heterogeneous networks such as CDMA 2000, W-LAN, EDGE and UMTS. The ability, with the present invention, to purchase access also opens the possibility for the terminal to act as an e-commerce platform; i.e. the terminal can be used to purchase anything, not just access.

The term transport used in this specification may identify an access network such as CDMA 2000, W-CDMA etc., or e.g. both an access network and a core IP-network. The term access is used synonymously with the term transport.

Although the invention has been summarised above, the method and arrangement according to the appended independent claims define the scope of the invention. Various embodiments are further defined in the dependent claims.

Brief description of the drawings 

The objects and advantages of the invention will be 
understood by reading the following detailed description in conjunction 
with the drawings, in which: 

Figure 1 shows a schematic picture of the architecture for global roaming in accordance with the present invention;

Figure 2 shows an embodiment of an anonymous payment method in accordance with the present invention;

Figure 3 shows a detailed view of an embodiment of a local policy enforcement point in accordance with the present invention;

Figure 4 shows a detailed view of an embodiment of a secure mobile portal in accordance with the present invention;

Figure 5 is an exemplary signalling diagram illustrating the signalling involved in a session set up in accordance with the present invention;

Figure 6 is a detailed view of an exemplary embodiment of the terminal in accordance with the present invention;

Figure 7 shows schematically a Policy Domain (PD) in accordance with the present invention; and

Figure 8 shows a mixed access scenario in accordance with the present invention.

Detailed description 

The various features of the invention will now be described with reference to the figures, in which like parts are identified with the same reference character. In the following description, for purpose of explanation and not limitation, specific details are set forth, such as particular circuits, components, techniques, etc., in order to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention may be practised in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known methods, devices and circuits are omitted so as not to obscure the description of the present invention.

The present invention describes a method of and a system for providing access independent global roaming between heterogeneous networks and solves the problem with policy enforcement and service transparency in and between different networks. The solution contains a number of salient features.

1) A client-server relationship.

2) A transparent "packet pipe", interconnecting servers and clients on a Quality of Service basis, transporting packets.

3) A Policy Definition Point (PDP) associated with or residing within a server or server cluster, defining policies pertaining to services, authentication, authorization, accounting, and

4) A Policy Enforcement Point (PEP), associated with or residing in the client, enforcing policies defined in the policy definition point at the terminal (client).

5) Separate charging mechanisms for access and services, i.e. client-server based transactions.

6) A transformation of the access node into a point of sale for access, offering transparent IP transport.

7) Removable and interchangeable layer 1 and layer 2 access modules (modems) for the clients (terminals) for accessing different fixed and mobile standards.

The solution according to the invention will now be further described in more detail with references to figures 1-7.

Figure 1 shows a schematic picture of an architecture for global roaming according to the invention. The architecture can be divided into a service domain (non-shaded) and a transport domain 140 (shaded).

The service domain, which covers the higher layers, e.g. of the OSI model, consists of a server cluster called Secure Mobile Portal (SMP) 100 and a client, governed by a Local Policy Enforcement Point (LPEP) 110 residing in the client or terminal 120. A secure encrypted packet transportation tunnel 130 connects the SMP 100 and the LPEP 110 in a client-server relationship. This tunnel is enabled by the establishment of shared secrets between the SMP 100 and the LPEP 110, contained in a policy, which is used to generate encryption keys for the packets, e.g. IP (Internet Protocol) packets. Since each IP packet is encrypted with a unique key, i.e. a shared secret between the service provider and the service buyer, each packet received by the SMP 100 will be seen as a de facto authentication of the service buyer or subscriber by the service provider.
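The per-packet keying described above, as an added example that is not part of the patent text: the shared secret established in the policy is stretched into a key unique to each packet (here from the packet's sequence number), and the SMP side treats a packet whose tag verifies as the de facto authentication of the LPEP. The example shows only the authentication property with an HMAC tag and a replay check; a deployment would use an authenticated-encryption cipher so the payload is also confidential. The secret and payloads are constructed sample values.

```python
import hashlib
import hmac
import struct

# Added illustration (not the patent's own code). The shared secret comes from the
# policy between SMP 100 and LPEP 110; each packet is protected under a key unique
# to that packet, derived from the secret and the packet's sequence number.

HEADER_LEN = 8   # 64-bit big-endian sequence number
TAG_LEN = 16     # truncated HMAC-SHA256 tag


def packet_key(shared_secret: bytes, seq: int) -> bytes:
    """Derive the per-packet key from the shared secret and the sequence number."""
    info = b"packet-key" + struct.pack(">Q", seq)
    return hmac.new(shared_secret, info, hashlib.sha256).digest()


def protect(shared_secret: bytes, seq: int, payload: bytes) -> bytes:
    """LPEP side: build seq || payload || tag, where the tag covers seq and payload."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(packet_key(shared_secret, seq), header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class PacketPipeReceiver:
    """SMP side: a packet whose tag verifies under the shared secret is taken as
    de facto authentication of the sender; replayed or tampered packets are dropped."""

    def __init__(self, shared_secret: bytes) -> None:
        self.shared_secret = shared_secret
        self.highest_seq = -1
        self.dropped = 0

    def accept(self, packet: bytes):
        """Return the payload if the packet authenticates, otherwise None."""
        if len(packet) < HEADER_LEN + TAG_LEN:
            self.dropped += 1
            return None
        header, payload, tag = packet[:HEADER_LEN], packet[HEADER_LEN:-TAG_LEN], packet[-TAG_LEN:]
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.highest_seq:          # replay, or reordered below what was already seen
            self.dropped += 1
            return None
        expected = hmac.new(packet_key(self.shared_secret, seq), header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            self.dropped += 1
            return None
        self.highest_seq = seq
        return payload


if __name__ == "__main__":
    secret = b"constructed-shared-secret-from-policy"   # constructed sample value
    smp = PacketPipeReceiver(secret)
    genuine = protect(secret, 1, b"service request: web")
    print("genuine:", smp.accept(genuine))
    print("replay:", smp.accept(genuine))
    forged = bytearray(protect(secret, 2, b"service request: web"))
    forged[HEADER_LEN] ^= 0x01                         # flip one payload bit
    print("tampered:", smp.accept(bytes(forged)))
```

Deriving a fresh key per packet means a tag can only be produced by a party holding the policy's shared secret, which is exactly why the SMP can treat each accepted packet as authenticating the subscriber without a separate login exchange.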

The SMP 100 acts as a Policy Definition Point (PDP) for the LPEP 110, defining policies with respect to services, authentication of subscribers, authorization to access and services, accounting, mobility and security for the subscriber. The LPEP 110 residing in the client 120 enforces the policies defined in the SMP 100. A feature of the architecture is that charging for transport and services can be separated. Transport can be paid for in real-time using, for example, a pre-paid card, credit card, a cash card or the like. Transactions in the service domain can be paid for as usual, e.g. as per invoice.

The transport domain, consisting of an IP based core network 140 and IP based access networks such as those designated by the acronyms CDMA 2000, EDGE, W-LAN, W-CDMA or fixed or cable networks, transports packets from the SMP 100 to the LPEP 110. The layer 1 and layer 2 part 150 of the client or terminal 120 also belongs to the transport domain and is preferably implemented as interchangeable modules (modems) for different access standards such as W-CDMA, EDGE, CDMA 2000, W-LAN etc. The transport domain does not necessarily add value to the packets, except that it classifies the packets according to Quality of Service and transports the packets to the end destination, guaranteeing access to physical resources where this is appropriate.

The radio access networks in the transport domain must have the appropriate interfaces and support agreed-on Quality of Service [...] called a packet pipe. The packet pipe 130 provides layer 1 and layer 2 [...] to convey [...] data traffic across radio air interfaces [...] as part of the transport domain [...].

In the embodiment of the invention, transport charging is independent of service charging [...] any other charging, [...] as a separate policy. The transport domain thus involves means for charging a subscriber for transport used, e.g. via a pre-paid card, credit card, cash card or other means. It is not necessary that a subscriber is authenticated or authorised by a service provider before transport charging takes place. It is only necessary to validate the pre-paid card, credit card, cash card or the like, i.e. it is possible to implement anonymous payment methods for transport. Access providers can accept different types of payment methods for payment of transport; e.g. some access providers may accept all major credit cards and their own special cash card for paying for access to their networks. This can be compared to when stores have a sticker on the entrance informing what credit cards they accept, for example.

In figure 2 an exemplifying embodiment of an anonymous payment method is shown. The terminal 120 transmits on a random access channel (in GSM typically the RACCH) payment information 200 to an access node 210. The payment information identifies the Credential Verifier (CV) 220, e.g. the issuer of a credit card or an access subscription, the identity of the subscriber in an encrypted form and the credit verification in an encrypted form, e.g. a credit card number. This information is received in the access node 210, which reads out the address to the CV 220, adds a transaction number to the user identity and credit verification and transmits that information 230 to the identified CV 220, e.g. a MasterCard server. The CV 220 decrypts the packets sent from the access node 210 with unique keys for that particular subscriber and checks whether the user identity and the credit verification number are correct. In this way the subscriber can be uniquely identified and thus authenticated. If the relationship between the user identity and the credit verification is correct, the CV 220 transmits a message with the same transaction number and a positive acknowledgement 240 back to the access node 210. The access node then returns a message 250 to a modem/router interface contained in the terminal 120, containing an IP-address and a positive acknowledgement granting access. The IP address is stored in the modem/router interface in the LPEP 110 and is associated with a service requested by the subscriber in the service layers 260.

The structure and operation of an exemplary embodiment of the LPEP 110 resident in the client or terminal 120 will now be described in more detail with reference to figure 3 of the drawings. As discussed above, the LPEP 110 enforces policies with respect to authentication of subscribers, authorization to access and services, accounting, mobility and security for the subscriber(s) that the LPEP 110 serves. These policies are defined in the SMP 100 that acts as a PDP for the LPEP 110. Each LPEP 110 has a set of policies associated with it, and the relationship between the PDP and the LPEP 110, i.e. between the SMP 100 and the subscriber, is uniquely defined by these policies in the LPEP authorization database 300.

Each relation that the subscriber has with SMPs 100 or CVs 220 is defined with a number of parameters 310. In the embodiment shown at least four parameters have been defined. These are obligations, rights, a shared secret, i.e. a unique identity and an encryption key, and an IP-address to the SMP 100 or the CV 220. These relations are negotiated either in real time using public key infrastructure or by signing up for a service and receiving the obligations, rights, shared secret and IP-address 310 to the SMP 100 or CV 220 by mail, for example.

The LPEP 110 is also responsible for authenticating the subscriber via e.g. a PIN-code or a fingerprint reader. If the subscriber is authorised he gains access to the LPEP 110. It is possible that the LPEP 110 serves more than one subscriber; then the authentication database 320 stores several subscribers A, B, ... 330 and their corresponding identification keys key 1, key 2, ... 340. The LPEP key 350, on the other hand, is used for identifying the LPEP 110 to the SMP 100 and for encrypting the traffic between the LPEP 110 and the SMP 100 or CV 220.

During a communication session the LPEP 110 maintains an accounting log 360 containing accounting information 370 pertaining to the session, such as start time, stop time and service utilised. This accounting log 360 can be used by the SMP 100 for billing and auditing purposes. At completion of the session the LPEP 110 can forward the accounting log 360 to the SMP 100, and the SMP 100 replies in agreement or disagreement, i.e. compares the accounting log in the SMP 100 with the one generated in the LPEP 110. Alternatively the accounting log 360 is transmitted from the LPEP 110 to the SMP 100 at regular intervals, such as at the end of the day.

With reference now to figure 4 of the drawings, the structure and operation of an exemplary embodiment of the SMP 100 will be described in more detail. As discussed above, the SMP 100 defines policies with respect to authentication of subscribers, authorization to access and services, accounting, mobility and security for the subscribers that the SMP 100 serves. Thus, the SMP 100 contains an Encrypted Subscriber Register (ESR) 400 carrying subscriber IP addresses or network address identifiers (NAI), e.g. [...], as well as encryption keys for each individual subscriber and service that the SMP 100 serves. This is to provide encryption, authentication and authorization to the services provided. The SMP 100 also contains a Global Location Register (GLR) 410 indicating which access networks the subscriber presently is residing (visiting) in. To be able to provide voice services the SMP 100 also contains a voice server 420 for providing e.g. voice over IP. The SMP 100 can be seen as a server cluster providing both secure and non-secure services to the subscriber; secure services like e-commerce 430, security alarms, health care services, etc., and non-secure services like web browsing 440 and catalogue/information services 450, for example. The SMP 100 also contains a secure accounting server 460 for accounting and auditing of records. The SMP 100 can also update the policies in the LPEP 110. For example, if the subscriber does not pay the invoices for a particular service, that service can be barred.

With reference now to the exemplary signalling diagram shown in figure 5 of the drawings, the initiation of a session will be described in more detail. To initiate a session a subscriber 580 transmits an authentication request 500 including subscriber identity and a corresponding key, e.g. a personal identification number (PIN) or a fingerprint, to gain access to the terminal and the rights of the LPEP 110. When the subscriber 580 receives an authentication reply 505 indicating that the subscriber 580 is authenticated to use the terminal, a service request 510 is transmitted to the LPEP 110. The LPEP 110 decides on a suitable access depending on the service requested by the subscriber and transmits an access request 515 identifying the subscriber and corresponding payment information 520, everything but the address to the CV encrypted by the LPEP key, to the chosen access network 585. The access network 585 reads the payment information and identifies the address to the Credential Verifier (CV) 220, generates a transaction number and adds the payment information, i.e. the user identity in an encrypted form and credit verification in an encrypted form, e.g. a credit card number, and transmits the message 525 to the CV 220. The CV 220 decrypts the message and, if the relationship between the user identity and the credit verification is correct, the CV transmits a message with the same transaction number and verifies the subscriber's credentials 530. The access network 585 transmits access OK 535 together with an IP-address to the LPEP 110, and at the same time the access network 585 transmits a message 540 to the SMP 100 indicating in what network the subscriber 580 is residing. The LPEP 110 then enacts 545 the requested service 510 in the SMP 100, and the subscriber 580 and the SMP conduct a session 550. The LPEP 110 and the SMP 100 monitor 555 all transactions between the LPEP 110 and the SMP 100 for accounting purposes. To end the session the subscriber 580 transmits an end session message 560 to the LPEP 110, which transmits an end session message 565 to the SMP 100. When the session has ended the LPEP 110 sends accounting information 570 to the SMP 100, which compares it with the accounting information generated in the SMP 100 and sends a positive or negative accounting confirmation 575 back to the LPEP 110.
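The payment and access steps of figure 2 (messages 200 to 250) and of the signalling diagram above (messages 515 to 535), as an added example that is not part of the patent text. The point it makes concrete is the division of knowledge: the access node reads only the CV address, adds a transaction number, forwards opaque ciphertext and matches the acknowledgement on that number, while only the CV can decrypt and check that the user identity and credit verification belong together. The encryption is a constructed encrypt-then-MAC toy built from SHA-256 and HMAC so the example runs offline (a deployment would use AES-GCM), and the key identifier that lets the CV pick the subscriber's key is an assumption, since the patent does not say how the CV selects it. All names, addresses and card numbers are constructed.

```python
import hashlib
import hmac
import os
import secrets

# Added illustration (not the patent's own code) of the anonymous payment exchange:
# terminal/LPEP -> access node -> Credential Verifier (CV) -> access node -> terminal.
# Toy encrypt-then-MAC (assumption: stands in for a real AEAD such as AES-GCM).
NONCE_LEN, TAG_LEN = 12, 16


def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(enc_key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unseal(key, blob):
    """Return the plaintext, or None if the tag does not verify under this key."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN], tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CredentialVerifier:
    """CV 220: holds each subscriber's key and the identity/credit pairing it vouches for."""

    def __init__(self):
        self.keys = {}       # key_id (assumed pseudonymous handle) -> subscriber key
        self.accounts = {}   # user identity -> credit verification bound to it

    def enrol(self, user_id, credit_ref):
        key_id, key = secrets.token_hex(4), os.urandom(32)
        self.keys[key_id] = key
        self.accounts[user_id] = credit_ref
        return key_id, key

    def verify(self, msg):
        """Message 230/525 in: decrypt with the subscriber's key, check the pairing, echo the transaction number."""
        key = self.keys.get(msg["key_id"])
        ok = False
        if key is not None:
            uid, cred = unseal(key, msg["enc_user"]), unseal(key, msg["enc_credit"])
            ok = uid is not None and cred is not None and self.accounts.get(uid.decode()) == cred.decode()
        return {"txn": msg["txn"], "ok": ok}          # message 240/530


class AccessNode:
    """Access node 210: point of sale for transport; relays opaque credentials, hands out an IP on success."""

    def __init__(self, verifiers):
        self.verifiers = verifiers   # CV address -> CredentialVerifier
        self.forwarded = []          # everything this node actually saw, kept for inspection
        self.next_host = 1

    def request_access(self, payment_info):
        cv = self.verifiers.get(payment_info["cv_address"])
        if cv is None:
            return {"access": False}
        txn = secrets.token_hex(8)
        forward = {"txn": txn, "key_id": payment_info["key_id"],
                   "enc_user": payment_info["enc_user"], "enc_credit": payment_info["enc_credit"]}
        self.forwarded.append(forward)
        reply = cv.verify(forward)
        if reply["txn"] != txn or not reply["ok"]:    # acknowledgement must carry the same transaction number
            return {"access": False}
        ip = f"10.0.0.{self.next_host}"                 # constructed address pool
        self.next_host += 1
        return {"access": True, "ip": ip}             # message 250/535


def build_payment_info(cv_address, key_id, key, user_id, credit_ref):
    """LPEP side (message 200/520): everything except the CV address is encrypted under the subscriber's key."""
    return {"cv_address": cv_address, "key_id": key_id,
            "enc_user": seal(key, user_id.encode()), "enc_credit": seal(key, credit_ref.encode())}
```

Because the access node only ever stores `forwarded`, it can be inspected after a run to confirm that the subscriber's identity never appears in clear on the transport side, which is the property that makes the payment anonymous towards the access provider.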

With reference now to figure 6, embodiments and functions of the client or terminal will be described in more detail. The terminal is basically separated into three parts: an access part, a control part and a service part. The access part contains a number of access options (modems) 600a-c. These access options can physically be located in the terminal itself or in someone else's terminal, or be a Bluetooth interface connecting to remote modems, e.g. in the subscriber's briefcase. The service part contains a user interface and applicable application programming interfaces (APIs) for the services. The control part contains a policy enforcement engine 610 and a policy repository 620.

The terminal also contains a layer 2 IP switch 630 and a layer 3 IP router 640 between the modems 600a-c and the applications interface 650. This gives the user 660 the possibility to have several information flows between applications 670 and modems 600a-c active at the same time. For example, a voice over IP data flow can be maintained through a W-CDMA network at the same time as a multimedia flow is maintained through a W-LAN network, while the terminal at the same time is receiving a best effort flow from another terminal through a Bluetooth modem. This possibility to route a plurality of data flows from a plurality of modems 600a-c is possible because of the included layer 2 IP switch 630 and layer 3 IP routing 640. This embodiment also makes it possible for the terminal to hand over a communication session from one communications network to another, by re-routing the data flow from one modem port to another.

The access discovery function 680 of the terminal is continuously active, scanning the surroundings for access possibilities, and generates a record of all available access possibilities. The access selection function 690 is responsible for requesting access and presenting credentials to the desired access network depending on the service requested from the service layers, and also for preparing to interconnect with the chosen access network.

The policy enforcement engine 610 and the policy repository 620 in the control part connect the modems 600a-c in the access part with the user 660 and the APIs in the service part. More specifically, the policy enforcement engine 610 in the control part has the responsibility for a variety of tasks such as authenticating the user 660 to the terminal, authorising the user 660 to services and collecting accounting data. These and other tasks will be further described in relation to figure 8.

The policy repository 620 of the terminal can be seen as a database containing the subscriber's relationships to access providers, service providers as well as individual clients, i.e. the obligations, rights, shared secrets and addresses to credential verifiers or SMPs. These relationships can be varying and sometimes extremely complex. Also, these relationships may need to be updated at any time.

Some service providers may e.g. have a hierarchical relation between different aspects of their service. For example, a special access network or a special gateway might need to be used or passed before a particular service can be executed, and perhaps a trusted relationship will have to be enacted for a particular session. Other service providers might be non-hierarchical, which means that the different services are open and enacted at the same level, e.g. in that any access network may be used.

A subscriber may have relationships to many different structures, hierarchical and flat. For example, subscriber A has a private subscription with provider X for voice and web browsing. Under the voice service, subscriber A communicates following a specific policy with subscriber B. Subscriber A also has a specific business relationship to subscriber C, such that all packets to subscriber C will be encrypted and directly transferred to subscriber C. In addition to his private subscription with provider X and his occupational relationship with subscriber C, subscriber A may also be a member of an exclusive business club that operates a club server. His club membership fee provides subscriber A encrypted voice and data traffic services to all other members of the business club. The bank at which subscriber A has an account may also operate a server of their own, and may have deployed a policy in the terminal of the subscriber such that he always can access his bank account, even at midnight. Both the bank and the business club need to purchase the service of some MSP in order to know the whereabouts of subscriber A, that is unless the bank or business club operates an MSP themselves. All these relationships are reflected in the policy repository 620.
Each relationship a user 660 or subscriber would like to enter into is defined using a number of at least three or four parameters. These are rights, obligations, shared secret, and address to a credential verifier or SMP, thus creating a policy block. The policy repository 620 contains several policy blocks defining the relationships that exist between the user 660 and different service providers as well as individuals.

The policy repository 620 can be accessed from outside 695 of the terminal, providing the user has opened the policy repository 620 by e.g. a personal identification code, a fingerprint reading or other means. Then a service provider can update their policy block and relevant coupling coefficients. Once the service provider has entered its policies into the policy repository 620, these can be updated at will by the service provider, providing such an agreement exists. If no such agreement exists, the subscriber must open the policy repository 620 every time before changes can be made.

The policy enforcement engine 610 thus enforces policies defined in policy repositories 620. This implies e.g. that rental cars, hotel rooms etc. can be provided with policy enforcement engines 610 executing the policies in a user's or visitor's policy repository 620. Both the policy enforcement engine 610 and the policy repository 620 are preferably implemented as computer programs on a suitable medium, e.g. smart cards together with a suitable wireless access product such as Bluetooth. Other implementations are of course possible, e.g. integrated circuits, a circuit board in the terminal or a separate circuit board that can be inserted into any appropriate terminal.

Figure 7 shows a so-called Policy Domain (PD) and sub-domain. The policy domain contains multiple policy blocks 625 which contain all the specific relationships existing between the user and service providers, as well as individuals. Each policy domain may contain sub-domains 635 defining a reserved domain space for a particular application.

A coupling matrix is defined between the policy blocks, defining their hierarchical relationship. Relationships between policy block (x_i, y_j) and policy block (x_k, y_l) are determined by a coupling coefficient K_{ij,kl}. If the coupling coefficient is 0, then there is no relationship. If the coupling coefficient is +1, then block (k,l) is dependent on block (i,j), implying that block (i,j) has a higher position in the hierarchy than block (k,l) and that block (i,j) must be enacted before block (k,l).

If the coupling coefficient is -1, then block (k,l) supersedes block (i,j), implying that block (i,j) has a lower position in the hierarchy than block (k,l).
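The coupling matrix as an enactment-order computation, added here as an example that is not part of the patent text. The coefficient semantics (0, +1, -1) are the ones stated above; the example turns them into "must be enacted before" edges, checks that a relation stated from both sides is consistent (K_{ij,kl} and K_{kl,ij} must have opposite signs), computes an order in which a policy enforcement engine could enact the blocks, and reports a cyclic hierarchy as an error rather than enacting it. The block names and the sample matrix (provider X's voice service behind a special access network and gateway, as in the hierarchical example earlier on the page) are constructed.

```python
from collections import defaultdict, deque

# Added illustration (not the patent's own code) of the coupling matrix between
# policy blocks. K maps an ordered pair of block names (i, k) to a coefficient:
#   0  no relationship,
#  +1  block k depends on block i  (i is higher in the hierarchy, enacted first),
#  -1  block k supersedes block i  (k is higher in the hierarchy, enacted first).


def coupling_graph(K):
    """Turn the coupling matrix into 'a must be enacted before b' edges, checking that
    a pair given in both directions is consistent (K[i,k] == -K[k,i])."""
    before = defaultdict(set)
    for (i, k), c in K.items():
        if c == 0:
            continue
        if c not in (1, -1):
            raise ValueError(f"coupling coefficient for {(i, k)} must be 0, +1 or -1")
        reverse = K.get((k, i))
        if reverse is not None and reverse != -c:
            raise ValueError(f"inconsistent coupling between {i} and {k}")
        if c == 1:
            before[i].add(k)
        else:
            before[k].add(i)
    return before


def enactment_order(blocks, K):
    """Order in which the blocks can be enacted (Kahn's topological sort, ties broken
    alphabetically); raises ValueError if the hierarchy is cyclic and so unenforceable."""
    before = coupling_graph(K)
    indegree = {b: 0 for b in blocks}
    for a, successors in before.items():
        for b in successors:
            indegree[b] += 1
    ready = deque(sorted(b for b in blocks if indegree[b] == 0))
    order = []
    while ready:
        a = ready.popleft()
        order.append(a)
        for b in sorted(before[a]):
            indegree[b] -= 1
            if indegree[b] == 0:
                ready.append(b)
    if len(order) != len(blocks):
        raise ValueError("cyclic coupling: no enactment order exists")
    return order


def prerequisites(block, K):
    """All blocks that must be enacted before `block`, following the hierarchy transitively."""
    parents = defaultdict(set)
    for a, successors in coupling_graph(K).items():
        for b in successors:
            parents[b].add(a)
    seen, stack = set(), [block]
    while stack:
        for p in parents[stack.pop()]:
            if p not in seen:
                seen.add(p)
                stack.append(p)
    return seen


# Constructed sample: provider X's voice service must pass a special access network
# and a gateway first; web browsing needs only the access network; the bank's block is flat.
BLOCKS = ["X.access", "X.gateway", "X.voice", "X.web", "bank.account"]
K_SAMPLE = {
    ("X.access", "X.gateway"): +1,
    ("X.gateway", "X.voice"): +1,
    ("X.access", "X.web"): +1,
    ("X.web", "X.access"): -1,       # the same relation stated from the other side
    ("bank.account", "X.access"): 0,
}

if __name__ == "__main__":
    print(enactment_order(BLOCKS, K_SAMPLE))
    print(sorted(prerequisites("X.voice", K_SAMPLE)))
```

Rejecting an inconsistent or cyclic matrix at load time matters because a service provider is allowed to update its own blocks and coupling coefficients in the repository; the enforcement engine should refuse a hierarchy it cannot enact rather than silently pick an order.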

With reference now to both figures 6 and 8, the tasks of the control part of the terminal will be described in more detail together with a mixed access scenario. Suppose that the access possibilities consist of several different networks, such as W-CDMA 700, EDGE 705, GPRS 710, CDMA-2000 715, W-LAN 720 or fixed or cable 725, and that the transport network is an IP based core network 730. To gain access to the functions of the terminal and the policy enforcement engine 610 and policy repository 620, the user 660 must be authenticated. Thus an authentication request is transmitted to the policy enforcement engine 610 that checks the authentication with the relevant policy blocks in the policy repository 620. When the user 660 is authenticated, all the rights and obligations associated with the user in the policy repository 620 are open.

The access discovery function 680, which is continuously active, has scanned all available access networks and found the above mentioned access possibilities 700-725 and made a record of what is available. The user 660 now e.g. wants to initiate a web-service and thus via the applications interface 650 agrees on parameters, i.e. some Quality of Service value for the session, e.g. the transmission rate. The applications interface 650 thereafter asks the policy enforcement engine 610 to enact the requested web-service. The policy enforcement engine 610 then collects data from the policy repository 620 and the access selection function 690 to set up a channel that complies with the agreed parameters and the requested service, and thereafter activates the connection.

If the user 660 does not have a subscription to the requested network, the policy enforcement engine 610 presents credentials to the appropriate access supplier. The credentials can e.g. be a credit card accepted by the access supplier. The policy enforcement engine 610 then launches the requested web-service according to the policies in the policy repository 620. The policy enforcement engine 610 tracks data exchanged during the executed web-service according to policies for accounting and verification purposes. Then the policy enforcement engine 610 disconnects the application 670 and assembles the accounting data.
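The selection step of the mixed access scenario above, as an added example that is not part of the patent text: given the discovery record, the policy repository and the agreed transmission rate, choose the access network and decide whether to present a subscription (an existing policy block) or a payment credential accepted by that supplier. The example also covers the case described further down the page, where the best network is reachable only through a modem in a neighbouring terminal over a Bluetooth bridge. Network names follow the description; the rate figures, modem names and payment methods are constructed.

```python
from dataclasses import dataclass

# Added illustration (not the patent's own code) of how the policy enforcement engine
# could combine the access discovery record, the policy repository and the access
# selection function. Rates, modem names and payment methods below are constructed.


@dataclass(frozen=True)
class AccessOption:
    network: str           # e.g. "W-CDMA", "GPRS", "W-LAN"
    rate_kbps: int         # QoS the network can offer this session
    modem: str             # layer 1/2 module needed to reach it
    accepts: frozenset     # payment methods the access supplier accepts


@dataclass
class PolicyRepository:
    subscriptions: set     # networks for which a policy block (rights, obligations, shared secret) exists
    credentials: set       # payment credentials the user holds, e.g. {"visa"}


def select_access(discovered, repo, own_modems, bridged_modems, min_rate_kbps):
    """Pick the access network for a service needing at least min_rate_kbps.
    Preference: an existing subscription over paying with a credential, a modem in
    the terminal over one reached through a Bluetooth bridge, then the highest rate.
    Returns a dict describing the choice, or None if nothing qualifies."""
    candidates = []
    for opt in discovered:
        if opt.rate_kbps < min_rate_kbps:
            continue                                   # cannot meet the agreed QoS
        if opt.modem in own_modems:
            via = "local modem"
        elif opt.modem in bridged_modems:
            via = "bluetooth bridge"
        else:
            continue                                   # no modem available for this network
        if opt.network in repo.subscriptions:
            auth = ("subscription", opt.network)
        else:
            usable = sorted(repo.credentials & opt.accepts)
            if not usable:
                continue                               # supplier accepts none of our credentials
            auth = ("credential", usable[0])
        rank = (auth[0] != "subscription", via != "local modem", -opt.rate_kbps, opt.network)
        candidates.append((rank, {"network": opt.network, "auth": auth, "via": via}))
    if not candidates:
        return None
    return min(candidates, key=lambda c: c[0])[1]


# Constructed discovery record for the scenario in figure 8.
DISCOVERED = [
    AccessOption("W-CDMA", 384, "wcdma", frozenset({"visa", "mastercard"})),
    AccessOption("EDGE", 200, "edge", frozenset({"visa"})),
    AccessOption("GPRS", 100, "gprs", frozenset({"operator-cashcard"})),
    AccessOption("W-LAN", 11000, "wlan", frozenset({"visa", "clubcard"})),
]
REPO = PolicyRepository(subscriptions={"W-CDMA"}, credentials={"visa"})

if __name__ == "__main__":
    print(select_access(DISCOVERED, REPO, {"wcdma"}, set(), 300))      # own subscription suffices
    print(select_access(DISCOVERED, REPO, {"wcdma"}, set(), 1000))     # nothing reachable meets the rate
    print(select_access(DISCOVERED, REPO, {"wcdma"}, {"wlan"}, 1000))  # W-LAN via a neighbour's modem, paid by card
```

Returning `None` when no option qualifies is the important edge: the engine must then renegotiate the QoS parameters with the application rather than present credentials to a supplier that cannot honour the agreed rate.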

Another possibility occurs if the terminal does not have the appropriate modem 600a-c for the best access network. Imagine for example that the GPRS network 710 is most suitable for the requested web-service but the user terminal only has a W-CDMA interface. The solution is the Bluetooth modem 740a-b attached to the terminal, which makes it possible to use the modems 600a-c of a neighbouring terminal. The Bluetooth modem 740a-b in the neighbouring terminal then acts as an access point or bridge to access the GPRS modem of the other terminal.

The user or subscriber physically owns the PEP. The content of the PEP can be the ownership of many parties. The subscriber controls access to the PEP, and can delegate these rights to another party, for example an operator or other service provider. The PD and its sub-domains can be accessed from outside, providing the user initially opens the PD (by a card opening PIN or by other means). The service provider can enter its policy blocks, as well as the relevant coupling factors that define the relationship between the policies of the service operator. Once the service provider has entered its policies into the PEP, these can be updated at will by the service provider, providing such an agreement exists. If there is no such agreement, then the PD must be opened each time by default, for example.

The LPEP can be realized physically in many different ways. It can be on board in a mobile terminal, it can be part of a network termination equipment in the residence, it can be a separate board which can be inserted into any appropriate terminal when the user wishes to make a call, or it can be a separate PEP board encapsulated together with a suitable wireless access product (such as Bluetooth). The PEP may communicate with the client that the subscriber wishes to use for communication according to the principles defined above.

The invention being thus described, it will be obvious 
that the same may be varied in many ways. Such variations are not to be 
regarded as a departure from the scope of the invention, and all such 
modifications as would be appreciated by a person skilled in art are 
intended to be included within the scope of the following claims. 



